|<<< Chronological >>>||Author Index Subject Index||<<< Threads|
Re: [bad] [certtest] OCSP validation of the SSL certificate for https://certtest.ripe.net is failing
- To: Marcus Stoegbauer ms@localhost
- From: Tim Bruijnzeels tim@localhost
- Date: Mon, 22 Dec 2008 12:41:44 +0100
Hi Marcus, sorry I think my previous response was a bit of the mark :(We *are* using a '*.ripe.net' certificate, but it seems that this is not the cause of the problem you reported..
We will do our home work now and get back to the list when we have more details.
Cheers, Tim Tim Bruijnzeels wrote:
Hi Marcus,thanks for your pointer, we did not realise that the current setup could cause problems for firefox3.The reason why you get this error code, which I think is a warning only in the default setup, is that we are using a certificate issued to '*.ripe.net' instead of 'certtest.ripe.net'. This is because of financial and logistic reasons, and because we thought it wouldn't matter for the beta environment.When we set up the real production environment we will address this again and get a certificate that is issued to the specific hostname that we will be using then.Cheers, Tim Marcus Stoegbauer wrote:Hi, in case you have problems connecting to https://certtest.ripe.net withFirefox3, have a look at Preferences/Advanced/Encryption, Button Validation.If you have the option "When an OCSP server connection fails, treat the certificate as invalid" enabled, you will get the following error message from Firefox: Secure Connection Failed An error occurred during a connection to certtest.ripe.net. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) As far as I can tell the OCSP servers at the registrar who issued the certificate for certtest.ripe.net claims that the cert is unknown to him. Marcus
- [certtest] OCSP validation of the SSL certificate for https://certtest.ripe.net is failing
- From: Marcus Stoegbauer
- Re: [bad] [certtest] OCSP validation of the SSL certificate for https://certtest.ripe.net is failing
- From: Tim Bruijnzeels
|<<< Chronological >>>||Author Subject||<<< Threads|